Mitel Product Security Advisory 16-0001
SQL Injection Vulnerability in MiCollab
Advisory ID: 16-0001
Publish Date: 2016-02-01
A SQL injection vulnerability has been identified in MiCollab 7.0 which, if successfully exploited, could allow an attacker to access sensitive information in the MiCollab database.
As defined by the Open Web Application Security Project (OWASP):
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Review the link provided in the External References section for more information.
The following products have been identified as affected:
| Product Name | Product Versions | Security Bulletin | Last Updated |
The risk of this vulnerability is rated as high. Refer to the product Security Bulletin for additional statements regarding risk.
Mitigation / Recommended Action
Customers are advised to review the product Security Bulletin, and to contact support, to determine applicability and obtain instructions on how to obtain and apply a patch.